Showing results for 
Search instead for 
Did you mean: 
Post a Question
Coulibaly_Adam inside Policy Management 5 hours ago
views 20 1

R80.20 : Policy verification failed

Hi Everyone, I have some errors when installing policy on my Gateway.Errors :Layer 'fratmat_opt': Rule 3 Hides rule 4 for Services & Applications: smtp.Rule 3 Hides rule 5 for Services & Applications: https ,http.Rule 3 Hides rule 6 for Services & Applications: telnet ,icmp-proto .Rule 3 Hides rule 8 for Services & Applications: TCP_25897 ,TCP_7865Policy verification failed. How to solve this issue ? Need assistance please !!!Thanks, Adam
Flaver1078 inside Policy Management 6 hours ago
views 16 1

Pre-Migration Warning R80.20

Hello, i am planning to migrate my company's SMS R77.30 to R80.20. After running the pre-migrate check i have an error and 4 warning messages. However i was able to resolve the error message but the warning message (Legacy DHCP Relay Services - Change in behavior in R80 and higher) is still giving trouble to resolve. I have about 9 rule packages with Legacy DHCP Relay services. Am i going to running into issue when i migrate to R80.20?
Sagar_Manandhar inside Policy Management 10 hours ago
views 149162 8

Application and Url filtering not working

Hi,i am using 5600 appliance and there i have written different application and url filtering policy in which pornography and media stream(category) is at top and is block. But all the client are being able to access the porn site and media.when i see the log of application and url it show allow but when i click to "Go to policy" tab there comes the error "the rule does not exist anymore". What may be the reason?.
inside Policy Management yesterday
views 3014 9 13

Did you know? SmartConsole Tags

R80 and R80.10 provide a new feature for ease of security management: Tags.We have presented it in Check Point conventions dating back to 2013 - it's time that we discuss them at CheckMates as well The purpose with tags is to ease the searches and associations of objects. You can tag any object from its Object Editor, as well as with the Security Management CLI or API. You can then search for all objects that belong to a specific tag.In the Object Explorer:When picking objects in places like security policies:In addition of simplified user experience, Tags have good value in the world of automation and orchestration.
Publicis_Networ inside Policy Management Friday
views 39 1

Enabled Https inspection but getting certificate warning for few URLs only

Hi I Have enabled https inspection for the application control. Most of the URLs its working fine but for few URLs it is showing certificate error ( Site is not secured ). And from outside internet these URLs are working fine with proper client certificate. what could be the reason. --Mayank
peter_schumache inside Policy Management Friday
views 25 1

Need to change bootp config to dhcp_request when upgradig SmartCenter to R80.x

The pre_upgrade_verifier of R80.x gives a warning, that we use the service "bootp" in our existing R77.30 policies, and that we should replace it with the new dhcp_xxx services.Our gateways DO NOT ACT as DHCP Relays, they just forward unicast bootp requests, which were relayed on routers behind the firewall.Is it therefore correct that we can just replace all instances of the "bootp" service with "dhcp_request"
joc inside Policy Management Wednesday
views 15

Policy Installation

Hi, We have noticed that during a policy installation our incoming traffic from the internet is not getting through the firewall. We then receive alerts from site 24x7 that they are unable to connect/monitor our website.We have also seen our internal monitoring server getting timeouts when trying to perform its checks (ping, telnet, etc,) against our web servers, again only during a policy install on the FW's We are running version 80.10 on all FW's Thanks,John
Kenan_Duzdas1 inside Policy Management Tuesday
views 40 1

SmartMove fails on converting of fortgate's zone

We have FortiGate firewall includes 3000 overrules.In order to convert all of the FortiGate rules, I am using the SmartMove tool. We would like to see all rules as in-line layer after it's converted by the smart move. But instead, it's shown as order layer, not an in-line layer. This is not an option that we can go with it. As we go deeper to figure out what could be the reason converted rules as shown order layer, the smart move gets conflicted if the source or destination zone is set to ALL. If we specify the decent zone as the destination, the smart move does its job fine but if destination zone is set to ALL, then smart move adding all rules are set to ALL as order layer. I am sharing some of the output that can give you an idea about my case.As you see below, rule numbers 1 and 2 it created automatically, there is no such a rules on the fortigate. On rule numbers 24-25-26 those rules does not make sense because it's converted as order layer by the smartmove tool.No.NameSourceDestinationServiceActionTimeTrack1A_ZONEA_ZONEA_ZONEanySub-policy: A_ZONE_internalanyLog 1.1 anyanyanyAcceptanyLog2B_ZONEB_ZONEB_ZONEanySub-policy: B_ZONE_internalanyLog 24 T- T- T- If I set destination zone to related zone instead of putting ALL, smartmove does its job pretty good.We have onle one options here, we have to replace all zone that is set to ALL to related zone by one by. Has anyone of you encountered such a problem? best regardsKenan Duzdas
Paul_Gademsky inside Policy Management Tuesday
views 121 8

SmartConsole Security Policies - Search feature is broken for inline layers

R80.20 on MDS/CMA. SmartCenterWhen looking at the Security policies and trying to do a search for objects in a policy that contains an ordered layer section and inline layer section in the policy, the search is able to find the object in the ordered section but not in the inline section. An example is searching for a host and it finds one occurrence in the inline section, but no others. When using object explorer, and doing a where used on the object in question, it lists it in the policy in question in ~15 places.The same thing occurs in the Security Zone inline layer section.This makes the search feature pretty much useless and misleading for operational purposes.I've had an open ticket on this for almost a month, and now have the response of ' it looks like it's not supported'.Has anyone else run into this, and found a workaround besides the 'where used' option?Thank you,PG
Mart_Pirita inside Policy Management Monday
views 6576 56 18

When Will SmartConsole Support In-Place Updates?

Hi,I have used CheckPoint since 2005 and I'm now pretty sure, that CheckPoint hates SmartConsole users, as in year 2019 it's impossible to upgrade CheckPoint SmartConsole, without uninstalling old CheckPoint SmartConsole. And in year 2019 this uninstalling does not give any option to save settings and fingerprints, like for example Juniper -s Pulse does.Uninstalling CheckPoint console removes all settings and fingerprints but of course it does not remove installation folder C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10 and later on new installer then gives error - "The installation directory provided is not empty and might contain previous installation files. To proceed with the installation, please clean this directory or select an empty folder".Really? In year 2019 I must do it manually? What do you CP guys smoke? Investigated this a bit and it finally turned out, that folder C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10 contained one empty folder "PROGRAM". After manually removing C:\Program Files (x86)\CheckPoint\SmartConsole\R80.10 folder, installer was happy.But I'm not happy, as the console thinks I'm using it first time, so I must add all settings, again. Accept all servers fingerprints, again. Close the boring popup notifications, again. Etc. And as CheckPoint keeps constantly upgrade SmartConsole, I must deal with this installer issue quite often. Conclusion - in year 2019 we are paying huge money to CheckPoint and in return we're getting lousy product and for comparision freeware tools can create better windows installer packages with better logic, but CheckPoint can't or won't.

Policy Installation History

What would be the quickest way to install specific revision from a deleted policy package?
PatrickSpousta inside Policy Management Monday
views 596 8

Problem to install EA R80.30 SmartConsole

Hello communityI wanted to play a little bit with EA version of CheckPoint software. On Virtual Machine I was able to upgrade Security Management Server from R80.20 to R80.30 without any problem. Then I tried to install appropriate SmartConsole application on Windows 7 but it fails. I tried that two times.Log file shows several errors like- can't delete old values from registry- could not calculate size of component- The File : C:\Program Files (x86)\SmartConsoleSetupFile\setup.exe not foundand other messages. I'm directly running the installer Check_Point_R80.30EA_T155_SmartConsole_Windows.exe as usualDoes anybody has same experience and was able to find a way how to install this version of SmartConsole app?Thank you.
Gaurav_Pandya inside Policy Management Monday
views 15457 26 12

Dynamic Objects in R80.10

Hi All,I came to know the feature of R80.10 that we can make the dynamic objects for Microsoft services and others. Prerequisite for both Mgmt and Gateway : R80.10 with Take 24 HFA.ConfigurationIn SmartConsole, go to the Objects Explorer (in the upper right corner).Click on the .. button - go to the More menu - go to the Network Object menu - go to the Dynamic Objects menu - click on the Dynamic Object...: Name the dynamic object with the specific Office365 service name as specified in the table below (Important Note: The names are case sensitive).Description of Office 365 serviceName of Check Point Dynamic ObjectName in Microsoft feedAll Office 365 servicesCP_MS_Office365-Exchange FederationCP_MS_EX-FedEX-FedExchange OnlineCP_MS_EXOEXOExchange Online ProtectionCP_MS_EOPEOPMicrosoft Digital NoteCP_MS_OneNoteOneNoteMicrosoft TeamsCP_MS_TeamsTeamsOffice for iPadCP_MS_OfficeiPadOfficeiPadOffice MobileCP_MS_OfficeMobileOfficeMobileOffice OnlineCP_MS_WACWACOffice 365 Authentication and IdentityCP_MS_IdentityIdentityOffice 365 Certificate Revocation ListsCP_MS_CRLsCRLsOffice 365 Portal and sharedCP_MS_o365o365Office 365 ProPlusCP_MS_ProPlusProPlusOffice 365 Video and Microsoft StreamsCP_MS_Office365VideoOffice365VideoOffice 365 YammerCP_MS_YammerYammerOffice 365 SwayCP_MS_SwaySwayRemote Connectivity AnalyzerCP_MS_RCARCASharePoint Online and OneDrive for BusinessCP_MS_SPOSPOSkype for Business OnlineCP_MS_LYOLYOTask Management for TeamsCP_MS_PlannerPlannerCreate the relevant access policy rule.Publish the session and install the policy.
Lesley_Willems2 inside Policy Management Monday
views 208 2

Application Control AD service not matching

Hi all, I'm trying to use the predefined AD service in a access rule but the rule will not be hit. Traffic is from cliënt to domain controller. The AD service comes from the application/categories which is in the object categories. Is it even possible to use it in the way as I decribed? Manual made services will match the rule. TIA!BR,Lesley
ED inside Policy Management Monday
views 181 13

Connection with 'xxxxx' is lost

Hi, This is the situation: When i hover over the x sign it says 'Connection with xxxx is lost'. I can do the following:-open up all the gateway object properties-install policy-SIC is communicating on the GW's objects-SIC on SMS is greyed out What i did was to poweroff the SMS to take a snapshot with VMware. After bootup I got these red x signs. Any ideas what could have happened?